ABSTRACT
We present a method for automatically generating verification conditions for a class of imperative programs and safety properties. Our method is parametric with respect to the semantics of the imperative programming language, as it specializes, by using unfold/fold transformation rules, a Horn clause interpreter that encodes that semantics.
We define a multi-step operational semantics for a fragment of the C language and compare the verification conditions obtained by using this semantics with those obtained by using a more traditional small-step semantics. The flexibility of the approach is further demonstrated by showing that it is possible to easily take into account alternative operational semantics definitions for modeling new language features. Finally, we provide an experimental evaluation of the method by generating verification conditions using the multi-step and the small-step semantics for a few hundred programs taken from various publicly available benchmarks, and by checking the satisfiability of these verification conditions by using state-of-the-art Horn clause solvers. These experiments show that automated verification of programs from a formal definition of the operational semantics is indeed feasible in practice.
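As an added illustration (not the paper's method or tool, and written for this page), the script below encodes a toy C-like program as a labelled command list and derives constrained Horn clauses from two semantics: small-step, which emits one clause per command, and a multi-step variant that symbolically unfolds every straight-line path between cut points (entry, loop heads, halt, error) into a single clause. The program, labels and predicate names `p0`..`p6` are constructed for the example; the point is to show why the multi-step encoding yields fewer, larger clauses for the same property.

```python
import re

# Constructed toy program (labels are list indices), a C-like fragment:
#   x = 0; while (x < n) x = x + 1; assert(x == n);
PROG = [
    ("asgn", "x", "0"),        # 0: x = 0
    ("ite", "x<n", 2, 4),      # 1: loop head: if (x<n) goto 2 else goto 4
    ("asgn", "x", "x+1"),      # 2: x = x + 1
    ("goto", 1),               # 3: back edge to the loop head
    ("ite", "x==n", 6, 5),     # 4: assertion check
    ("error",),                # 5: assertion violated
    ("halt",),                 # 6: normal termination
]
VARS = ("x", "n")

def subst(expr, env):
    """Rewrite expr over the symbolic values in env (parenthesise compound ones)."""
    def repl(m):
        v = env.get(m.group(), m.group())
        return v if v.isalnum() else f"({v})"
    return re.sub(r"[A-Za-z_]\w*", repl, expr)

def step(pc, env, cons):
    """One small step of the operational semantics from configuration (pc, env, cons)."""
    cmd = PROG[pc]
    if cmd[0] == "asgn":
        return [(pc + 1, {**env, cmd[1]: subst(cmd[2], env)}, cons)]
    if cmd[0] == "ite":
        c = subst(cmd[1], env)
        return [(cmd[2], env, cons + [c]), (cmd[3], env, cons + [f"!({c})"])]
    if cmd[0] == "goto":
        return [(cmd[1], env, cons)]
    return []                                   # halt / error: no successor

def jump_targets(cmd):
    return cmd[1:2] if cmd[0] == "goto" else cmd[2:4] if cmd[0] == "ite" else ()

def generate(multi_step):
    """Emit one Horn clause per symbolic execution between consecutive cut points."""
    if multi_step:   # cut points: entry, back-edge targets (loop heads), halt, error
        cuts = {0} | {l for i, c in enumerate(PROG) for l in jump_targets(c) if l <= i}
        cuts |= {i for i, c in enumerate(PROG) if c[0] in ("halt", "error")}
    else:            # small-step: every label is a cut point, one clause per command
        cuts = set(range(len(PROG)))
    clauses = []
    for src in sorted(cuts):
        work = step(src, {v: v for v in VARS}, [])      # start from a symbolic state
        while work:                                      # unfold until the next cut point
            pc, env, cons = work.pop()
            if pc in cuts:
                head = f"p{pc}({','.join(env[v] for v in VARS)})"
                clauses.append(f"{head} :- p{src}({','.join(VARS)}){''.join(', ' + c for c in cons)}.")
            else:
                work.extend(step(pc, env, cons))
    return clauses

if __name__ == "__main__":
    for name, multi in (("multi-step", True), ("small-step", False)):
        print(f"--- {name}: {len(generate(multi))} clauses")
        print("\n".join(generate(multi)))
```

The clause whose head is `p5` encodes reachability of the assertion violation; a Horn clause solver proves the program safe by finding a model for `p1` that makes that clause unsatisfiable with `p5` interpreted as false.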
Index Terms
- Semantics-based generation of verification conditions by program specialization